chore(config): ajuster docker, cors et securite

2026-01-11 17:06:25 +01:00
parent 15e0b23f15
commit 5222a6bbf9
10 changed files with 73 additions and 12 deletions
--- a/config/packages/api_platform.yaml
+++ b/config/packages/api_platform.yaml
@@ -2,6 +2,6 @@ api_platform:
    title: Hello API Platform
    version: 1.0.0
    defaults:
-        stateless: true
+        stateless: false
        cache_headers:
            vary: ['Content-Type', 'Authorization', 'Origin']
--- a/config/packages/lexik_jwt_authentication.yaml
+++ b/config/packages/lexik_jwt_authentication.yaml
@@ -0,0 +1,4 @@
+lexik_jwt_authentication:
+    secret_key: '%env(resolve:JWT_SECRET_KEY)%'
+    public_key: '%env(resolve:JWT_PUBLIC_KEY)%'
+    pass_phrase: '%env(JWT_PASSPHRASE)%'
--- a/config/packages/nelmio_cors.yaml
+++ b/config/packages/nelmio_cors.yaml
@@ -4,7 +4,8 @@ nelmio_cors:
        allow_origin: ['%env(CORS_ALLOW_ORIGIN)%']
        allow_methods: ['GET', 'OPTIONS', 'POST', 'PUT', 'PATCH', 'DELETE']
        allow_headers: ['Content-Type', 'Authorization']
+        allow_credentials: true
        expose_headers: ['Link']
        max_age: 3600
    paths:
-        '^/': null
+        '^/api/': ~
--- a/config/packages/security.yaml
+++ b/config/packages/security.yaml
@@ -29,10 +29,17 @@ security:
                success_handler: lexik_jwt_authentication.handler.authentication_success
                failure_handler: lexik_jwt_authentication.handler.authentication_failure

+        session_profile:
+            pattern: ^/api/session
+            stateless: false
+
+        session_api:
+            pattern: ^/api/(sites|machines|documents|profiles)
+            stateless: false
+
        api:
            pattern: ^/api
-            stateless: true
-            jwt: ~
+            stateless: false

        main:
            lazy: true
@@ -40,7 +47,9 @@ security:

    # Note: Only the *first* matching rule is applied
    access_control:
-        - { path: ^/api/login, roles: PUBLIC_ACCESS }
+        - { path: ^/api/session/profile, roles: PUBLIC_ACCESS }
+        - { path: ^/api/session/profiles, roles: PUBLIC_ACCESS }
+        - { path: ^/api, roles: PUBLIC_ACCESS }
        - { path: ^/api/docs, roles: PUBLIC_ACCESS }
        - { path: ^/api/test, roles: PUBLIC_ACCESS }
        - { path: ^/docs, roles: PUBLIC_ACCESS }
--- a/config/reference.php
+++ b/config/reference.php
@@ -1,7 +1,5 @@
 <?php

-declare(strict_types=1);
-
 // This file is auto-generated and is for apps only. Bundles SHOULD NOT rely on its content.

 namespace Symfony\Component\DependencyInjection\Loader\Configurator;
@@ -1387,7 +1385,7 @@ use Symfony\Component\Config\Loader\ParamConfigurator as Param;
 *     mercure?: bool|array{
 *         enabled?: bool|Param, // Default: false
 *         hub_url?: scalar|null|Param, // The URL sent in the Link HTTP header. If not set, will default to the URL for MercureBundle's default hub. // Default: null
- *         include_type?: bool|Param, // Always include @var in updates (including delete ones). // Default: false
+ *         include_type?: bool|Param, // Always include @type in updates (including delete ones). // Default: false
 *     },
 *     messenger?: bool|array{
 *         enabled?: bool|Param, // Default: false